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AMENDMENTS TO THE CLAIMS: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1 . (Currently Amended) A directory system for providing directory services 
in a communications network using stored directory objects, the directory system 
comprising: 

a network interface providing access to the directory system from a 
communications network; 

memory means; and 

at least one processor; 

wherein directory objects are stored in said memory means as directory data, said 
directory data including: 

attribute data representing attributes of said directory objects, 

directory information tree (DIT) data representing a hierarchical directory 
tree structure for said directory objects, and 

management data for managing said directory objects; and 
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wherein portions of said memory means constitute memory segments dedicated to 
storage of corresponding subsets of said directory data, said memory segments including 
(a) one or more attribute segments, each of said attribute segments being dedicated to 
storage of-(a) attribute data for a plurality of directory objects, (b) one or more DIT 
segments, each of said DIT segments being dedicated to storage of DIT data for a 
plurality of directory objects, and (c) one or more object segments, each of said object 
segments being dedicated to storage of management data for a plurality of directory 
objects. 

2. (Previously Presented) A directory system as claimed in claim 1, wherein 
said directory system is configured to allocate portions of said memory means to provide 
said memory segments. 

3. (Previously Presented) A directory system as claimed in claim 1, wherein 
each of said attribute segments includes one or more attribute sub-segments dedicated to 
storage of attribute data for respective object classes. 

4. (Previously Presented) A directory system as claimed in claim 1, wherein 
each of said attribute segments includes one or more attribute sub-segments dedicated to 
storage of attribute data for respective attribute types. 
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5. (Previously Presented) A directory system as claimed in claim 1, wherein 
each of said attribute segments includes one or more attribute sub-segments dedicated to 
storage of attribute data for attributes of respective attribute types. 

6. (Original) A directory system as claimed in claim 1, wherein said attribute 
segments store attribute data for respective portions of a directory information tree (DIT). 

7. (Previously Presented) A directory system as claimed in claim 1, wherein 
the attribute data stored in one or more attribute segments are grouped according to one 
or more of object class, attribute type, attribute, and portion of a DIT. 

8. (Previously Presented) A directory system as claimed in claim 5, wherein 
said attribute data includes a normalized attribute value and a hash value for each 
attribute value. 

9. (Previously Presented) A directory system as claimed in claim 8, wherein 
the directory system generates and stores a hash value for each relative distinguished 
name in said attribute sub-segments. 

10. (Original) A directory system as claimed in claim 5, wherein said attribute 
data includes a context prefix identifier of a corresponding entry, and a relative 
distinguished name identifier of said entry. 
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1 1 . (Original) A directory system as claimed in claim 5, wherein said attribute 
data includes data indicating whether each of said attributes is associated with one or 
more other attributes. 

12. (Original) A directory system as claimed in claim 5, wherein said attribute 
data includes data indicating whether each of said attributes is a sponsoring attribute for 
one or more other attributes. 

13. (Previously Presented) A directory system as claimed in claim 1, wherein 
attributes having the same object naming characteristics are stored together. 

14. (Original) A directory system as claimed in claim 13, wherein the object 
naming characteristics of an attribute correspond to one of distinguished attributes, 
aliased distinguished names, and non-naming attributes. 

15. (Previously Presented) A directory system as claimed in claim 1, wherein 
attributes having the same directory information characteristics are stored together. 

16. (Previously Presented) A directory system as claimed in claim 15, wherein 
the directory information characteristics of an attribute correspond to one of collective 
attributes, compound attributes, attributes of compound attributes, X.500/LDAP 
operational attributes, user operational attributes, sponsoring attributes, and other 
attributes. 

17. Cancelled. 
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18. (Previously Presented) A directory system as claimed in claim 1, wherein 
said management data includes security data. 

19. (Previously Presented) A directory system as claimed in claim 1, wherein 
said object segments include a first object segment for storing distinct name binding rules 
for directory objects, and at least one second object segment for storing other object data 
for said directory objects. 

20. (Previously Presented) A directory system as claimed in claim 1, wherein 
said object segments include a first object segment for storing access control data for 
directory objects, and at least one second object segment for storing other object data for 
said directory objects. 

2 1 . (Original) A directory system as claimed in claim 20, wherein the directory 
system is adapted to generate one or more access control identifiers for a user on the basis 
of access configuration information for said user, and to determine said user's access to a 
directory object on the basis of access control identifiers associated with said object and 
said user. 

22. (Original) A directory system as claimed in claim 2 1 , wherein said one or 
more access control identifiers identify one or more of a specific user, a group of users, 
and a generic user. 
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23. (Original) A directory system as claimed in claim 21, wherein each access 
control identifier includes respective components for accessing a selected DIT, for 
performing a selected directory operation, for accessing a selected attribute group, and for 
accessing a selected attribute type. 

24. (Original) A directory system as claimed in claim 2 1 , wherein said access 
control data includes one or more access control identifiers for each directory object, and 
hierarchical access data defining access to a DIT, a directory operation, an attribute 
group, and an attribute type. 

25. (Previously Presented) A directory system as claimed in claim 1, wherein 
each of said object segments includes one or more object sub-segments, each of said 
object sub-segments including object cells for storing DIT schema data and access 
control data for controlling access to a DIT or a portion of a DIT. 

26. (Original) A directory system as claimed in claim 24, wherein said access 
control data includes one or more numeric access control identifiers. 

27. (Previously Presented) A directory system as claimed in claim 25, wherein 
the directory system generates access control identifiers on the basis of user configuration 
data specifying user access to one or more parts of a DIT and stores said access control 
identifiers in object sub-segment cells corresponding to said one or more parts of said 
DIT. 
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28. (Previously Presented) A directory system as claimed in claim 20, wherein: 

the directory system generates a directory operation access control identifier for 
use in determining whether a user is granted access to perform a selected directory 
operation on a selected attribute type in a selected portion of a DIT, said directory 
operation access control identifier identifying said directory operation, said portion of 
said DIT and said attribute type, and 

the directory system determines whether said access is granted on the basis of a 
comparison of said directory operation access control identifier with one or more access 
control identifiers associated with one or more of said portion of said DIT, said attribute 
type, and an attribute type group including said attribute type. 

29. (Previously Presented) A directory system as claimed in claim 20, wherein 

the directory system is adapted to generate one or more access control identifiers 
for a user on the basis of access configuration information for said user, and 

a trusted operating system is used to determine said user's access to a directory 
object on the basis of access control identifiers associated with said object and said user. 

30. (Previously Presented) A directory system as claimed in claim 20, wherein: 

the directory system generates one or more access control identifiers for a user on 
the basis of access configuration information for said user, and 
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the directory system includes an attribute processor adapted to determine said 
user's access to a directory object on the basis of access control identifiers associated 
with said object and said user. 

3 1 . Cancelled. 

32. (Previously Presented) A directory system as claimed in claim 1, wherein 
each DIT segment includes one or more DIT sub-segments, each of said DIT sub- 
segments including DIT cells storing references to non-leaf entries of a directory tree. 

33. (Previously Presented) A directory system as claimed in claim 32, wherein 
said DIT sub-segments store references to respective portions of a DIT. 

34. (Previously Presented) A directory system as claimed in claim 33, wherein 
said portions correspond to selected portions of a DIT having a flat namespace. 

35. (Original) A directory system as claimed in claim 32, wherein two or more 
DIT sub- segments represent portions of a DIT having a flat namespace. 

36. (Previously Presented) A directory system as claimed in claim 35, wherein 
two or more of said DIT sub-segments store references to a selected portion of a DIT. 

37. (Previously Presented) A directory system as claimed in claim 36, wherein 
each of said references includes a name and a prefix. 
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38. (Original) A directory system as claimed in claim 36, wherein each of said 
references includes a distinguished name prefix and a hash value for said distinguished 
name prefix. 

39. (Original) A directory system as claimed in claim 27, wherein one or more 
of said DIT sub-segments includes one or more access control identifiers for controlling 
access to a corresponding DIT sub-segment. 

40. Cancelled. 

41. (Previously Presented) A directory system as claimed in claim 1, wherein 
each of said DIT segments identifies one or more object segments having stored therein 
management data for objects of the DIT segment, and one or more attribute segments 
having stored therein attribute data for said objects. 

42. (Previously Presented) A directory system as claimed in claim 1, wherein 
said management data includes name binding rules and access control data for said 
directory objects. 

43. (Original) A directory system as claimed in claim 1, wherein said plurality 
of memory segments includes a plurality of transaction segments for storing transaction 
data representing phases of a directory transaction to allow recovery of said directory 
transaction. 
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44. (Original) A directory system as claimed in claim 43, including a 
transaction management component for updating said transaction data during said phases 
of a directory transaction. 

45. (Original) A directory system as claimed in claim 44, wherein said 
transaction management component is adapted to recover directory data on the basis of 
said transaction data. 

46. (Original) A directory system as claimed in claim 1, wherein said plurality 
of memory segments includes at least one adaptation segment for storing adaptation data 
representing the usage of said memory segments. 

47. (Original) A directory system as claimed in claim 46, wherein said 
adaptation data represents the organisation of directory data stored in said plurality of 
memory segments. 

48. (Original) A directory system as claimed in claim 1, including an 
adaptation component for automatically reconfiguring said memory segments on the 
basis of usage of said memory segments. 

49. (Original) A directory system as claimed in claim 48, wherein said 
reconfiguring includes segregating one or more portions of said directory data on the 
basis of access frequencies for said one or more portions of said directory data. 
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50. (Original) A directory system as claimed in claim 48, wherein said 
reconfiguring includes segregating one or more portions of said directory data on the 
basis of the number of instances of an entity of said directory data in a region of memory. 

5 1 . (Original) A directory system as claimed in claim 48, wherein said 
reconfiguring includes segregating instances of an attribute type from a name space into 
two or more regions of memory. 

52. (Original) A directory system as claimed in claim 48, wherein said 
reconfiguring includes segregating instances of an object class into two or more regions 
of memory. 

53. (Original) A directory system as claimed in claim 48, wherein said 
reconfiguring includes segregating one or more portions of said directory data on the 
basis of access control data for said one or more portions of said directory data. 

54. (Original) A directory system as claimed in claim 48, wherein said 
reconfiguring includes aggregating directory data for a multi-object entity. 

55. (Original) A directory system as claimed in claim 1, wherein the directory 
system is adapted to store selected portions of said directory data in respective regions of 
memory, and to store other portions of said directory data in backing store. 

56. (Original) A directory system as claimed in claim 1, including a plurality 
of modules for accessing and managing said plurality of memory segments. 
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57. (Original) A directory system as claimed in claim 56, including a statistical 
module for generating statistical data in relation to directory entries. 

58. (Original) A directory system as claimed in claim 56, including a 
monitoring module for monitoring one or more directory entries and for generating 
notification data in response to modification of a monitored directory entry. 

59. (Original) A directory system as claimed in claim 56, including a 
collective attributes module for segregating collective attributes of entries within a name 
space. 

60. (Original) A directory system as claimed in claim 56, including a 
validation module for validating one or more certificate paths. 

61 . (Original) A directory system as claimed in claim 56, including a multi- 
object management module for processing two or more objects as an entity. 

62. (Original) A directory system as claimed in claim 61, wherein said two or 
more objects include a sponsoring object and one or more sponsored objects. 

63. (Original) A directory system as claimed in claim 62, wherein said multi- 
object management module is adapted to automatically generate said one or more 
sponsored objects when a sponsoring object is generated. 
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64. (Original) A directory system as claimed in claim 63, wherein said multi- 
object module is adapted to initialise attributes and access controls of said sponsored 
objects when a sponsoring object is generated. 

65. (Original) A directory system as claimed in claim 63, wherein said multi- 
object module is adapted to automatically generate one or more objects related to a user 
object when said user object is generated. 

66. (Previously Presented) A directory system as claimed in claim 65, wherein 
said user object represents a user, and said one or more objects represent one or more 
services for said user. 

67. (Previously Presented) A directory system as claimed in claim 66, wherein 
said one or more services includes a presence service. 

68. (Original) A directory system as claimed in claim 56, including a user 
presence module for generating user presence data to indicate whether a user is using a 
directory. 

69. (Previously Presented) A directory system as claimed in claim 68, wherein 
said user presence module is adapted to generate one or more events in response to a 
change in said user presence data. 
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70. (Original) A directory system as claimed in claim 56, including a service 
authorization module for determining whether a user is authorised to use one or more 
services. 

7 1 . (Original) A directory system as claimed in claim 70, wherein said service 
authorization module is adapted to perform said determining in response to a directory 
search. 

72. (Original) A directory system as claimed in claim 71, wherein said 
directory search is based on an authorisation matching rule, service and device properties, 
and an authorisation token. 

73. (Original) A directory system as claimed in claim 56, including a relational 
search module for performing a distributed object relational search in response to a 
search query including relational operators. 

74-76. Cancelled. 

77. (Original) A directory system as claimed in claim 74, including one or 
more messaging gateway modules for communicating with remote messaging systems 
using one or more messaging protocols. 

78. (Original) A directory system as claimed in claim 1, including at least one 
attribute processor adapted to store and process attribute data of a directory. 
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79. (Original) A directory system as claimed in claim 78, wherein said 
attribute processor includes an application- specific integrated circuit. 

80. (Previously Presented) A directory system as claimed in claim 1 including 
one or more messaging modules for providing transactional messaging services to users. 

81 . (Original) A directory system as claimed in claim 80, wherein said 
transactional messaging services include at least one of email and instant messaging. 

82. (Original) A directory system as claimed in claim 80, wherein said one or 
more messaging modules are adapted to store message data as one or more objects in said 
directory. 

83. (Original) A directory system as claimed in claim 80, wherein said 
transactional messaging services are adapted to store a user's mail box and address book 
as objects in a directory. 

84-101. Cancelled. 

102. (Previously Presented) The directory system of claim 1, wherein said 
memory segments are virtual memory segments, said memory means including physical 
random access memory and backing store. 

103. (Previously Presented) The directory system of claim 1, wherein said 
memory segments are configured as shared memory. 
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104. (Previously Presented) The directory system of claim 103, wherein the 
system is configured to execute a plurality of virtual machines configured to access said 
memory segments of said shared memory. 

105. (Previously Presented) The directory system of claim 1, wherein the 
system is configured to dynamically create, destroy, and/or resize said memory segments. 

106. (Previously Presented) A directory process for providing directory services 
in a communications network using stored directory objects, the directory process being 
executed by a computer system, and including: 

storing directory objects in computer memory as directory data, allocating portions 
of computer memory to provide memory segments dedicated to storage of corresponding 
subsets of directory data representing directory objects, said directory data including: 

attribute data representing attributes of said directory objects, 
directory information tree (DIT) data representing a hierarchical directory 
tree structure for said directory objects, and 

management data for managing said directory objects, 
said memory segments including one or more attribute segments, each of said 
attribute segments being dedicated to storage of attribute data for a plurality of directory 
objects, one or more DIT segments, each of said DIT segments being dedicated to storage 
of DIT data for a plurality of directory objects, and one or more object segments, each of 
said object segments being dedicated to storage of management data for a plurality of 
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112. (Previously Presented) A process as claimed in claim 111, wherein said 
monitoring includes determining that one or more access control identifiers applies to a 
portion of a DIT, and said redistributing includes storing said portion of said DIT with 
said one or more access control identifiers. 

113. (Previously Presented) A process as claimed in claim 111, wherein said 
monitoring includes determining that one or more access control identifiers applies to 
instances of an attribute type, and said redistributing includes storing said instances of 
said attribute type with said one or more access control identifiers. 

114. (Previously Presented) A process as claimed in claim 108, including 
generating at least one new memory segment and wherein said step of redistributing 
includes storing at least a portion of said directory data in said at least one new memory 
segment. 

115. (Previously Presented) A process as claimed in claim 108, wherein said 
step of redistributing includes storing respective portions of said directory data stored in a 
memory segment in two or more memory segments. 

116. (Previously Presented) A process as claimed in claim 108, wherein said 
step of redistributing includes selecting portions of said directory data stored in two or 
more memory segments and storing the selected portions into one memory segment. 

117. (Previously Presented) A process as claimed in claim 108, wherein said 
step of redistributing includes selecting object class information, access control 
information, and DIT structure information that applies to at least one portion of a DIT, 
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directory objects, said management data including access control data for said plurality of 
directory objects. 

107. (Previously Presented) A process as claimed in claim 104, wherein said 
memory segments are virtual memory segments. 

108. (Previously Presented) A process as claimed in claim 106, including 
monitoring directory data stored in a plurality of memory segments; and redistributing at 
least a portion of said directory data in said plurality of memory segments based on said 
monitoring to improve performance of said directory services. 

109. (Previously Presented) A process as claimed in claim 108, wherein said 
monitoring includes at least one of monitoring usage of said directory data, monitoring 
depth of a portion of a DIT, monitoring spread of a portion of a DIT, monitoring the 
number of instances of entities of said directory data, monitoring search times for said 
directory data, and monitoring the association of access control data with one or more 
directory objects. 

110. (Previously Presented) A process as claimed in claim 109, wherein said 
entities include at least one of attributes, object classes, and directory objects. 

111. (Previously Presented) A process as claimed in claim 108, wherein said 
step of monitoring includes monitoring associations of access control data with portions 
of directory data, and said step of redistributing includes storing one or more portions of 
said directory data with one or more associated portions of said access control data. 
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storing the selected information in at least one object segment, and associating the 
selected information with at least a portion of at least one DIT segment corresponding to 
said at least one portion of said DIT. 

118. (Previously Presented) A process as claimed in claim 108, including 
monitoring usage of remote directory data and storing at least a portion of said remote 
directory data in at least one local memory segment based on said usage to improve 
performance of said directory services. 

119. (Previously Presented) A process as claimed in claim 108, wherein said 
redistributing includes redistributing directory data from a memory segment into two or 
more memory segments. 

120. (Previously Presented) A process as claimed in claim 108, wherein said 
monitoring includes monitoring the number of instances of directory data in a memory 
segment. 

121. (Previously Presented) A process as claimed in claim 108, wherein said 
monitoring includes monitoring search times for said directory data. 

122. (Previously Presented) A process as claimed in claim 108, wherein said 
redistributing includes segregating directory data based on access frequencies for said 
directory data. 

123. (Previously Presented) A process as claimed in claim 109, wherein said 
reconfiguring includes aggregating directory data for a multi-object entity. 



20 



LLQYD et al 

Appl. No. 10/705,242 

June 12, 2007 

* 

124. (Previously Presented) A directory system having components for 
executing the steps of claim 106. 

125. (Previously Presented) A computer-readable storage medium having stored 
thereon computer program instructions for executing the steps of claim 106. 
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